wl-online-payments-direct / sdk-client-js


What encryption to use to encrypt credit card data without SDK #6

Closed JeremyNohDriveco closed 1 year ago

JeremyNohDriveco commented 1 year ago

Hey @worldline-dev-team,

I apologize in advance for creating an issue for the question I just lost. 🙄

Currently I'm trying to use your Direct API without SDK because I'm using React-Native.

I have already integrated the Server part.

But for sending credit card information the information must be encrypted.

After getting the publicKey, I can't find the format or how the info..

According to the doc, it is this information that I must encrypt, but I don't know in what format.

Thank you in advance for your assistance,

Cordially and have a nice day. 🙂

worldline-direct-support-team commented 1 year ago

Hello Jeremy,

Thank you for reaching out. Apologies for the lacking documentation. We do not advise writing the encryption yourself; we advise that you use the built-in functionality in our SDK. However, I understand that as you are using React Native, this is not an option for you.

With regards to the format you should use for the encryption, it is the next code example in your link. The JSON that is showing there is an example for how the code should be formatted.

For the encryption itself, I would advise you to use as much of the implementation in our SDK as you can. Please see this file: https://github.com/wl-online-payments-direct/sdk-client-js/blob/master/src/JOSEEncryptor.js .

Kind regards, Worldline Online Payments Direct Support

JeremyNohDriveco commented 1 year ago

Thank you for your answer and your reactivity. 😃

I had already looked at the source code, and I had identified this file.

Nevertheless, I do not understand the precise method of encryption: you must encrypt in hmacsha512, then all in base64 (I can't use node-forge in React Native).

Otherwise, how can I make sure that you decode the result on your side, and that the encryption I tried to do is understood by your server?

Thanks again, Awaiting your reply

worldline-direct-support-team commented 1 year ago

Hello Jeremy,

We are looking into the specifics of the encryption.

In the meantime, to validate that your encryption works, you should attempt to make a Create Payment request where you provide the EncryptedCustomerInput. If the server was unable to decrypt the provided data, you should receive an error that indicates this.

Kind regards, Worldline Online Payments Direct Support

JeremyNohDriveco commented 1 year ago

Thank you, I appreciate a description of the encryption method.

While waiting for your answer I will try on my side. 😆

Thank you in advance.

JeremyNohDriveco commented 1 year ago

Hello, I attempted to use the JOSEEncryptor.js file. Unfortunately I got the following error: Error: Too few bytes to parse DER.

Thinking it was on my side, I tested your SDK example in JS after filling in the config with a session. I get an error: create-payload.js:23 Failed encrypting the payload.

After investigation, it would also be the same error as mine, so at the time of getEncryptor().encrypt()

Do you have an explanation for me? If not, have you managed to understand the logic of Encryption?

Thank you for your reply.

worldline-direct-support-team commented 1 year ago

Hi Jeremy,

Our encryption uses JWE, with algorithm RSA-OAEP, and encryption method A256CBC-HS512. If you implement these standards correctly and encrypt using the public key from the get public key API, our server should be able to decrypt the provided encrypted customer input.

However, we would still advise against implementing the algorithm yourself. You mentioned you are using React Native. Would it be an option for you to use our native SDKs for Android and iOS? They also contain an implementation of the encryption algorithm and they are developed to run on Android and iOS.

With regards to your issue with the encryption in the JS SDK, could you provide us with some more details on how to reproduce the issue? Which browser / JS engine are you using? Which example are you using exactly? Which steps are you taking to trigger the encryption? Could you share your code with us?

Kind regards, Worldline Online Payments Direct Support
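The scheme named in the reply above (JWE with RSA-OAEP key wrapping and A256CBC-HS512 content encryption), written out with Node's built-in `crypto` module as an added example; it is not part of the thread and is not the SDK's own code. Assumptions: the public key is delivered as base64-encoded DER (SubjectPublicKeyInfo), the key ID travels in a `kid` header, and the key pair, key ID and payload below are constructed; `decryptJwe` exists only so the round trip can be checked locally.

```javascript
// Added example (not SDK code): JWE compact serialization per RFC 7516 / RFC 7518 section 5.2.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha1' }; // JWE "RSA-OAEP"
const b64u = (buf) => Buffer.from(buf).toString('base64url');

// Assumption: the public key is delivered as base64-encoded DER (SubjectPublicKeyInfo).
// Any other string (e.g. a random test value) fails here with a DER/ASN.1 parse error.
function importPublicKey(base64Der) {
  return crypto.createPublicKey({ key: Buffer.from(base64Der, 'base64'), format: 'der', type: 'spki' });
}

// HMAC-SHA-512 over AAD || IV || ciphertext || AL, truncated to the first 32 bytes.
function authTag(macKey, aad, iv, ciphertext) {
  const al = Buffer.alloc(8);
  al.writeBigUInt64BE(BigInt(aad.length) * 8n); // AAD length in bits, big-endian
  const mac = crypto.createHmac('sha512', macKey).update(Buffer.concat([aad, iv, ciphertext, al]));
  return mac.digest().subarray(0, 32);
}

function encryptJwe(publicKey, keyId, payload) {
  const header = b64u(JSON.stringify({ alg: 'RSA-OAEP', enc: 'A256CBC-HS512', kid: keyId }));
  const cek = crypto.randomBytes(64); // bytes 0-31: HMAC key, bytes 32-63: AES-256 key
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-cbc', cek.subarray(32), iv);
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);
  const tag = authTag(cek.subarray(0, 32), Buffer.from(header, 'ascii'), iv, ciphertext);
  const wrappedCek = crypto.publicEncrypt({ key: publicKey, ...OAEP }, cek);
  return [header, b64u(wrappedCek), b64u(iv), b64u(ciphertext), b64u(tag)].join('.');
}

// Receiver side, included only so the round trip can be checked locally.
function decryptJwe(privateKey, jwe) {
  const [header, ...rest] = jwe.split('.');
  const [wrappedCek, iv, ciphertext, tag] = rest.map((p) => Buffer.from(p, 'base64url'));
  const cek = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrappedCek);
  const expected = authTag(cek.subarray(0, 32), Buffer.from(header, 'ascii'), iv, ciphertext);
  if (tag.length !== 32 || !crypto.timingSafeEqual(expected, tag)) throw new Error('JWE tag mismatch');
  const decipher = crypto.createDecipheriv('aes-256-cbc', cek.subarray(32), iv);
  return JSON.parse(Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8'));
}

// Constructed key pair and payload; the field names are placeholders, not the API's schema.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const publicKeyBase64 = publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  const jwe = encryptJwe(importPublicKey(publicKeyBase64), 'constructed-key-id', { cardNumber: '0000000000000000' });
  return { jwe, privateKey, decrypted: decryptJwe(privateKey, jwe) };
}
```

The HMAC covers the encoded header, IV and ciphertext, so a receiver rejects a token whose header or ciphertext was altered before it attempts the CBC decryption.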

JeremyNohDriveco commented 1 year ago

Thank you for your message, and the encryption method,

Although I'm using React Native, I'm using Expo, so I can't install native libraries.

Regarding the JS Problem here are the details:

I use Chromium, node version v19.3.0, yarn v1.22.19 to install dependencies

I install the following library

I enter the file minimal-requirejs | minimal-browserify | I install dependencies with the command yarn I;

I complete the config.js file (for the minimal-requirejs folder) with a new session by filling in this information:

{
   clientSessionId: "",
   customerId: "",
   clientApiUrl: "",
   assetUrl: ""
}

I launch the project to display it on the browser and I have an Error in the console:

(screenshot: Capture d’écran 2023-01-25 à 12 28 14)

yet my requests are off to a good start; (screenshot: Capture d’écran 2023-01-25 à 12 29 09)

As explained in my previous post, it would be an error during the method .getEncryptor().encrypt(paymentRequest)

This may be related to my problem, because when I copy the JOSEEncryptor file and try on my side, I also have a problem with the node-forge lib.

So if you have an idea to solve this problem I am a taker, because it seems that everything is linked.

Thank you so much

JeremyNohDriveco commented 1 year ago

Hello, I come back to you, I found my mistake. 😁

In fact I didn't know that the public key was encrypted data of a specific format. I thought I could test by changing to a random string just to test the decodePemPublicKey() function.

After getting the right information (publicKey, keyId), everything seems to work. 🥰

When I inquired about your encryption method you quoted above, I realized my mistake.

Thereby, using the JOSEEncryptor class I manage to produce the right encrypted key in the right format, and your server manages to read it.

(I don't understand why the JS example projects don't work. 🤨)

But on my side everything is good !!! 👍

Thank you for your time and your feedback.

worldline-direct-support-team commented 1 year ago

Hi Jeremy,

No problem, we're just happy to hear that the issue is solved 😄

Closing this issue. Please open a new one if there is anything else we can help with.

Kind regards, Worldline support